So yeah that actually happened! I’ve always wanted to publish a book and thanks to Apress publishing – that is a reality now. The book is titled “Practical Docker With Python: Build, Release and Distribute your Python App with Docker” and is targeted at people who are new to Docker and want to containerize their application (with an example Python chat bot). The book starts with a brief introduction to containers and Docker, guides you on how to get started with Docker before diving into deeper topics such as Docker Networks, Volumes and Compose.

I’ve spent a lot of time working on the book and I’d really appreciate feedback – whether as reviews on Amazon, Goodreads or as email – please do feel free to send me any feedback – I’d love to improve upon what I have started.

Round of thanks to my Adobe I/O colleagues(especially Sangeetha) for making a poster of the book cover and gifting me this as a poster – will treasure it forever!

]]>https://sathyasays.com/2018/09/02/on-securing-containers-and-open-source-tools-for-scanning-vulnerabilities-in-docker-images/feed/01647E3 2018 Round up of trailers/games that I likedhttps://sathyasays.com/2018/06/15/e3-2018-round-up-of-trailers-games-that-i-liked/
https://sathyasays.com/2018/06/15/e3-2018-round-up-of-trailers-games-that-i-liked/#respondFri, 15 Jun 2018 15:32:33 +0000https://sathyasays.com/?p=1610E3 has come and gone by and most of the year’s press conferences were boring (what was EA even smoking?). Having said that, some of these did grab my attention. Below are a list (in no specific order) of gameplay/trailers/things I’m looking for and thought were good. Enjoy

Ghost of Tsushima – Saving the best for last – looks really good, sounds fantastic and the gameplay looks like a mix of Witcher 3 and Metal Gear Rising.

Anything you feel I missed or you prefer? Drop a comment below

]]>https://sathyasays.com/2018/06/15/e3-2018-round-up-of-trailers-games-that-i-liked/feed/01610Scanning Docker Image for Vulnerabilities with Aqua MicroScannerhttps://sathyasays.com/2018/05/28/scanning-docker-image-for-vulnerabilities-with-aqua-microscanner/
https://sathyasays.com/2018/05/28/scanning-docker-image-for-vulnerabilities-with-aqua-microscanner/#respondMon, 28 May 2018 18:10:16 +0000https://sathyasays.com/?p=1600Containers are slowly becoming the standardized units of deployment. As containers become more popular, they also become the focus targets for attacking the system via vulnerabilities present in the packages within the image. There are quite a few container vulnerability scanning solutions (example: Clair, Twistlock, Aqua) – however most of them are either commercial or require an elaborate setup, which makes it difficult for individual developers to involve them as part of the container build process.

I found recently that Aqua has introduced a free-to-use tool called Aqua MicroScanner for scanning container images for package vulnerabilities. What makes this even more attractive and easy-to-use is that it doesn’t need any elaborate or predefined server setups – and all that is needed to use this is:

Get a token from Aqua

Add the scanner and run it as part of the container build process

If the image contains any packages with vulnerabilities, Aqua will present a summary of the vulnerabilities, the average CVE score as well as a list of the found vulnerabilities.

To get started with Aqua MicroScanner, register for a token

$ docker run --rm -it aquasec/microscanner --register <email address>

With the token available, add it as part of your build process. For example, if we were to check and scan an image based on nginx, the Dockerfile would look like below

Aqua will stop the build if it finds any vulnerabilities of severity “High” – however, we can pass --continue-on-failure flag to ignore the High severity issues and continue the build.

I think this tool is really good, especially for small developers – with just few lines of Dockerfile instructions, the developer is able add vulnerability scanning of the images – and combined with CI like that of Gitlab CI/CD Pipelines, it’s a good way of building vulnerability-free container images.

]]>https://sathyasays.com/2018/05/28/scanning-docker-image-for-vulnerabilities-with-aqua-microscanner/feed/01600Convert newsletters to RSS feeds with Kill-The-Newsletterhttps://sathyasays.com/2018/05/22/convert-newsletters-to-rss-feeds-with-kill-the-newsletter/
https://sathyasays.com/2018/05/22/convert-newsletters-to-rss-feeds-with-kill-the-newsletter/#commentsTue, 22 May 2018 04:32:22 +0000https://sathyasays.com/?p=1592Long time, no write! Newsletters have become all the rage these days and I guess for good reason – they’re curated, come in (usually) once a week and typically offer a respite from the deluge of news that comes in why typical RSS Feeds or via Twitter. Naturally I subscribed to few initially and then the list of newsletters increased – and now I am stuck with a newsletter bomb in my Inbox

newsletters, newsletters everywhere

Filters was nice for classification, archiving them meant they would just languish in the filtered view, not to be looked at. I thought I’d be nice to somehow have them come to my RSS feed instead of cluttering up my Inbox and with a quick search I found Kill-The-Newsletter. This handy little web app creates a random email id for you to provide in the subscription mailbox and converts the incoming mails to RSS (well, to be specific, Atom) feeds. Kill-The-Newsletter is open source, so you can even self-host the app on your own servers.

Pretty nifty and has saved my Inbox from clutter.

]]>https://sathyasays.com/2018/05/22/convert-newsletters-to-rss-feeds-with-kill-the-newsletter/feed/11592A Brief Look at the Oculus Rifthttps://sathyasays.com/2017/11/05/a-brief-look-at-the-oculus-rift/
https://sathyasays.com/2017/11/05/a-brief-look-at-the-oculus-rift/#respondSun, 05 Nov 2017 15:46:02 +0000https://sathyasays.com/?p=1545VR and me go like chalk and cheese – ever since a kid, I’ve had motion sickness which limited me from playing most FPS games and my last attempt at VR(at IGX 2016) was a disaster – I barely could withstand 30 seconds of VR. Granted the game selection was bad – for me anyway (Driveclub on PSVR) – still I didn’t expect that bad of a reaction.

With that bit of context, the reactions that flew in when I told the folks that I(well Jo, my wife, to be more precise) bought the Rift was expected.

So it wasn’t entirely my decision to buy it in the first place, but given the experience with the Rift so far, I think it’s been a great buy.

Unboxing & Hardware Setup

I’ll let the pictures do the talking.

The Oculus Rift Touch bundle comes with 2 Touch controllers, 2x sensors, couple of AA batteries for the Touch controllers, the headset and a lens-cleaning cloth. There are few things worth mentioning:

I really, really liked the box pack. It was well designed, enough space to place all the components safely and pack it away

The battery door for the Touch controller has a magnet which means when you push it to close, it automatically snaps. That’s a nice feedback and a feature well thought of

USB Ports: This is something that I didn’t bother to check but Oculus recommends that you have a minimum of 3 USB 3.0 ports and a USB 2.0 ports. Some discussions on Reddit suggest that they may work on USB2.0 ports, but for best tracking and results, I think it’s better to get PCI-E cards which offer USB slots. My desktop had only 2x USB 3.0 ports, but luckily noticed this and grabbed an Anker 4 port USB 3.0 Hub which works very well.

GPU support: VR requires a fairly beefy CPU & GPU. The Rift also requires a free HDMI port on the GPU. While this may not be a problem, some of the GPUs might come with only one HDMI and the remaining DisplayPort ports + DVI ports(which was my case) – and you need to have both the VR headset as well the monitor connected – at least for the initial setup. Not having a second HDMI port was a big problem – thankfully I managed to find a spare DVI cable and connected my monitor via DVI and plugged the Rift into the HDMI. If you’re using multiple monitors – remember this and grab the required adapters as well.

The initial setup is a fairly involved process but this is not mentioned anywhere on the box(which doesn’t come with a manual) – yes software install is a breeze but when you have USB and HDMI ports dangling like a Hydra not knowing where to plug what was bit weird and had to search Oculus’ support site for the instructions. I’m not sure why they didn’t make a leaflet out of this. I realized later during the software setup that they prompt you to plug-in the required components – I guess I’m just too used to the old style of plug the hardware in and then do the software install

Software Setup and First Launch

Once you have the Rift hardware setup properly, Oculus will start the first time setup. This involves things like entering your height(to calibrate the ground height), touch sensor calibration, mapping out the play area, setting up the Guarding system(which is basically a wireframe “wall” indicating you’re about to exit the safe area). This doesn’t take too long and is a one-time thing, even if you have multiple people using the headset.

Where Oculus has nailed the VR experience is their first launch app, called “First Contact“. It’s basically set in a spaceship(or a room?) with a robot where the robot keeps giving you “programs” in a floppy that you “grab” it and push it into a 3D printer and then pick it up. It sounds like no big deal, but the detailing and the way the robot is done is incredibly awesome and will evoke a great response from all.

Comfort

The headset is far lighter and much more comfortable than the PSVR and the Vive. Also, something the other headsets don’t have – the Rift actually comes with over the ear headphones – and these actually sound really awesome. It sounds strange/trivial about the over-the-earphones, but putting on the headphones over the VR headset(or earphones before putting on the headset) when you can’t see a lot is a pain and the built-in headphones makes the whole experience seamless.

The Touch Controller is crafted very well, fits your palm nicely and doing gestures such as pointing, grabbing, making a fist feels so natural, you don’t feel that you have a controller on both your hands. The Touch Controller has some other neat features – when you have your hand in the field of view of the sensor, you see a pair of virtual hands so that you know how to grab the sensor. This seems easy but when you have your eyes covered by the headset, it’s not as straightforward as it looks.

Games

I haven’t played a whole lot of games – among the ones that I did play – Robo Recall came with the bundle and is regarded supposedly one of the best VR games and I can see the acclaim. You pick up the guns from the holster. You can catch bullets and throw it back. You can catch robots and throw them back. You can grab them and pull them apart. You can grab them, throw them in the air, grab your weapons and shoot them. All this while doing gestures just like how you’d do it in real. And while you’re doing all this, you’re reactively ducking to avoid gun fire, bending your knee to pick up guns or other things on the ground – it’s quite an experience and makes me why even on this date, the VR demos are the crappy low res Rollercoaster ones.

RecRoom is another great VR experience – it’s basically a big social club with some great mini games such as VR Paintball, 3D charades and so on. RecRoom is in early access, but is free for now.

I’m yet to pick up Unspoken(which basically made Jo purhcase the Rift) and will also pickup Diner Duo when it goes on sale. I did give Project Cars a go(again!) but yeah didn’t last long – the motion sickness made me uncomfortable before I could even say the word.

Summing up

If you’re still on the fence about VR, have a decent system capable of VR, I think the Rift bundle, especially with the US pricing of $400 is a great purchase. There’s loads of VR games – both free and paid and some of them are just that good to make the purchase worthwhile.

Have any questions? Drop a comment below or send me tweet, will reply.

]]>https://sathyasays.com/2017/11/05/a-brief-look-at-the-oculus-rift/feed/01545Accessing Chef Databag Items from within attributeshttps://sathyasays.com/2017/04/28/accessing-chef-databag-items-from-within-attributes/
https://sathyasays.com/2017/04/28/accessing-chef-databag-items-from-within-attributes/#commentsFri, 28 Apr 2017 10:08:00 +0000https://sathyasays.com/?p=1522In Chef parlance, databags are global variables saved in JSON format and are stored and accessible on the Chef server. Given that these are indexed and can be searched up along with the fact that they can be encrypted make them ideal candidates to store secrets such as credentials/ssh keys.

Chef provides an easy way to search and fetch databag and databag items from within a recipe:

]]>https://sathyasays.com/2017/04/28/accessing-chef-databag-items-from-within-attributes/feed/11522Of nginx’s mid cut off responses and proxy buffershttps://sathyasays.com/2017/03/13/of-nginxs-mid-cut-off-responses-and-proxy-buffers/
https://sathyasays.com/2017/03/13/of-nginxs-mid-cut-off-responses-and-proxy-buffers/#commentsMon, 13 Mar 2017 11:50:03 +0000https://sathyasays.com/?p=1509Among the services I look after, the biggest and high-profile – is the user facing website. The website is your bog-standard typical frontend(powered by Express/Angular) which fetches data via an API which is powered by the backend(built on Rails). Typical flow is that Express receives the request from the browser, makes a request to the backend which is then served using Rails API via nginx which acts as the reverse proxy.

Couple of weeks back, the team received a support request that one specific route from an internal webapp(of similar architecture as the user facing website above) was throwing an 500 Internal Server error. Now in our case, a 500 server error is typically a sign that the backend was not able to complete the request successfully. I took a look at the application logs and the responses were all proper, nothing out of the ordinary. The error would come intermittently and since it was not a route that was heavily in use, I opted to have a deferred look at it.

A few days ago, the same problem manifested again but on a different route(this time, a more frequently used one) and I couldn’t afford to delay looking at this any longer.

I did some basic analysis:

The DB returns the data properly

Rails objects are correctly populated

The API returns the data

Browser console didn’t show any errors

So what was it that was causing the problem? I tried to make the same request with cURL and this time, I noticed that the API’s JSON response was truncated and not complete. This was something I didn’t notice earlier. Since it’s nginx which is doing the last-mile delivery, I checked nginx error logs there were a few of these:

Ah ha, now we have something to look for. But why the permission denied while reading upstream? Some Google searching and looking at the documents and nginx forums indicated that the proxy buffer was getting full and hence was not able to send the complete response, hence the truncated JSON responses.

Data from the responses that were cut-off showed that anything over 64kB was getting cut off, indicating the proxy buffer size was set to 64kB. But this was not defined in the nginx configuration anywhere. Some more digging around the documentation indeed confirmed that the buffer size was set to 64kB.

A small fix to increase the buffer size, a deploy via Chef and we’re all good again.

Moral of the story: know your platform defaults and keep revisiting your configuration settings, especially if they weren’t done by you/done long back!

]]>https://sathyasays.com/2017/03/13/of-nginxs-mid-cut-off-responses-and-proxy-buffers/feed/21509Xenserver and adding/attaching a new storage to a VMhttps://sathyasays.com/2017/02/02/xenserver-and-addingattaching-a-new-storage-to-a-vm/
https://sathyasays.com/2017/02/02/xenserver-and-addingattaching-a-new-storage-to-a-vm/#commentsThu, 02 Feb 2017 05:59:25 +0000https://sathyasays.com/?p=1500I had an instance today where a local VM(which is provisioned by Xenserver) was running low on disk space and wanted to increase the disk space allocated to it. Last time when I did it by increasing the space from within Xen Manager, I failed miserably(the VM was configured with LVM and neither pvscan or lvscan was able to see the increased space).

This time I tried a different approach:

rather than increasing the space of the attached disk, I created a new disk and attach it to the VM from Xenserver Management Console

Since the VM is configured with LVM, I decided to add the new disk as a Physical Volume(PV) and then extend the Logical Volume(LV) & Volume Group(VG)

Creating a new disk and attaching it to the VM from Xenserver management Console is fairly straightforward. First make note of the device to which the new disk is attached to. In this case, it is assumed to be xvdc. I’m also assuming that the volume group mesa-nl-vg exists and /dev/mapper/mesa–nl–vg–root is the logical volume path

End of the year is here and while other services are busy sending Year in 2016 report, there sparked a mini gaming report in our telegram group and I decided to compile my gaming in 2016 report. At the start of the year I had decided to finish more games this year and I guess I did a pretty decent in accomplishing this. So here’s my summary